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Secure quantum key distribution (QKD) promises a revolutionizing in 
optical applications such as encryption, and imaging. However, their 
implementation in real-world scenarios continues to be challenged. The goal 
of this work is to verify the presence of photon number splitting (PNS) 
attack in quantum cryptography system based on BB84 protocol and to 


obtain a maximum secure key length as possible. This was realized through 
randomly interleaving decoy states with mean photon numbers of 5.38, 
Keywords: 1.588, and 0.48 between the signal states with mean photon numbers of 2.69, 
0.794, and 0.24. Experiment results show that a maximum secure key length 
BB84 protocol i , ae wigs : : 
obtained from our system, which ignores eavesdropping cases, is 125 with 
Decoy states protocol 20% decoy states and 82 with 50% decoy states for mean photon number of 
PNS 0.794 for signal states and 1.588 for decoy states. 
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1. INTRODUCTION 

Fifth generation (5G) won’t fit all the demands of the future in 2025 and beyond. Sixth generation 
(6G) wireless communication networks are expected to improve cost/energy/efficiency spectrum and 
security [1], [2]. 6G networks will rely on new enabling technologies such as quantum computing to meet 
these requirements. A massive investment has been made in quantum technologies, particularly in the field of 
quantum computing. Notwithstanding, such developments of quantum computers threaten internet security, 
easily break down classical encryption and leak private information into malicious adversaries. Hence, 
quantum secure communication technologies and quantum encryption are the focus of investor interest. 
In particular, quantum key distribution (QKD) is said to be a secure communication technology that is 
apparent in the presence of the eavesdropper, Eve, who has unlimited power to break the encryption. Since 
the invention of the first QKD BB84 protocol in 1984, many researchers have participated in this field to 
achieve this exciting concept [3]. 

Several different works have been recently reported to remove attacks on real device defects from 
theoretical security proofs, such as reference [4]. Nevertheless, Yuen [5], [6] has discovered in theory that even 
real devices work perfectly along with the standardized theories, there are problems even in theory. Ali et al. [7] 
conducted both a theoretical investigation and an experimental implementation of weak decoy and vacuum 
states on ID-3000 commercial QKD system for increasing the performance of the system. The type of attack 
investigated was a photon number splitting (PNS) attack. Lo et al. [8] used Gottesman-Lo-Liitkenhaus-Preskill 
(GLLP) method to prove the security of QKD based on a phase randomized weak coherent state source. 
The distance increased from 30 km with BB84 protocol to 140 km with decoy states protocol. To bridge the 
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gap between theory and practice, decoy-state measurement-device-independent QKD (mdiQKD) has been 
proposed, [9]. Nevertheless, its experimental complexity is inappropriate for practical applications [10]-[12]. 
In addition, the key secret key is very weak with current technology [13], [14]. Also, measurement device 
independent quantum key distribution (MDI-QKD), allows removing any presumption of confidence from 
the measuring device, which can be said that the weakest part of QKD realizations [15]-[18]. 

Using single photon sources in QKD, a perfect secure key is obtained, i.e. eavesdropper would be 
detected. Utilizing sources of single photons eavesdropper can be detected by monitoring the receiver’s 
quantum bit error rate (QBER) [19]. when an eavesdropper, Eve, gets information, she changes the 
distribution of the key. This introducing errors in the correlations between the sender and receiver. 
Eve measurement modifies the state itself [20]. In the current technology, no single-photon devices are 
available; the best option in quantum key distribution system substitute’s single-photon source in QKD BB84 
protocol by heavily attenuated laser pulses, these sources obey Poisson distribution, as shown in Figure 1 [17]. 
Poisson distribution for several values of mean photon number u of Figure 1(a) 0.1, Figure 1(b) 1, Figure 1(c) 5, 
and Figure 1(d) 10. These sources have pulses traveling from sender to receiver contain more than one 
photon, opening the door for a weakness in system security [21]. Heavily attenuated laser pulses source 
output enables eavesdropper to share some information through a PNS attack. 
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Figure 1. Poisson distribution for several values of mean photon number u of (a) 0.1, (b) 1, (c) 5, and (d) 10 


In this paper, the security of a QKD system has been enhanced by applying decoy states protocol 
against photon PNS. By randomly interleaving fake states (decoy states) with mean photon numbers of 5.38, 
1.588, and 0.48 within the transmitted signal of 2.69, 0.794, and 0.24 mean photon numbers, a PNS has been 
detected and a secure key has been gotten. The signal states and decoy states were compared to check the 
efficiency of the system and detect the PNS attack. The average length for a secure key obtained from our 
system, which ignores eavesdropping cases, is 125 with 20% decoy states and 82 with 50% decoy states. 

The paper is organized as: sections 2 and section 3 give a brief description of the PNS attack 
strategy and main concepts of the decoy-state protocol. Sections 4 and section 5 detail the experimental work 
and results. Finally, the conclusion is given in section 6. 


2. PHOTON NUMBER SPLITTING ATTACK 
PNS is a quite powerful attack described by Lütkenhaus. By using attenuated laser pulses instead of 
the ideal single-photon as the source in BB84 QKD systems, the distribution of photons is as follows. 
The pulses with no photons decrease the signal rate since no signal will be detected by Bob. The pulses with 
single PNS is a quite powerful attack described by Lütkenhaus. By using attenuated laser pulses instead of 
the ideal single-photon as the source in BB84 QKD systems, the distribution of photons is [22]: 
— The pulses with single-photon work perfectly. 
— The pulses with multi-photons are the problematic part. They have more than one copy of the 
polarization information, allowing Eve to split off a copy of the information without Alice and Bob 
knowing it. 
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— The pulses with multi-photons are the problematic part. They have more than one copy of the 
polarization information, allowing Eve to split off a copy of the information without Alice and Bob 
knowing it. 

In the PNS attack, Eve knows the number of photons on each signal sent by Alice without disturbing 
its polarization by a quantum non-demolition measurement. Eve works on the signal depending on the total 
number of photons. More precisely, the existence of multi-photon signals permits Eve to execute the PNS 
attack. Photon work perfectly. 

— When Eve finds empty pulses, she sends them back to Bob without further errors. 

— When she finds the pulses with multi-photons, she steals one photon and retains it in her memory and 
sends the remainder to Bob. When Eve sends a reminder to Bob, the original lossy quantum channel 
may be replaced by a lossless channel. Eve’s does not change the signal polarization either in the 
photon she sends on nor in the photon she splits off. Subsequently, in the protocol Alice will announce 
the basis of the polarization of the signal. This will allow Eve to make the correct measurement on the 
photon she split off, thus getting perfect information about the polarization of Alice’s signal. 

— When it is one photon, she just blocks it. 


3. DECOY STATE PROTOCOL 

The protocol of decoy-state has been proposed for detecting PNS attack, improving transmission 
distance and rate of the generated secure key of the QKD system [7]. By applying the protocol of decoy-state, 
Alice implements a BB84 protocol with mean photon number of the signal source (uṣ) and replaces randomly 
with a mean photon number ua (decoy-source). Eve cannot modify the transmission of the channel for more 
than one value of mean photon number (u) simultaneously. Eve treats single-photon signals from Us or Ug 
identically because she does not know which one of u is Alice used. Bob sends an acknowledgement of receipt 
of signals then Alice broadcasts pulses of signal states and pulses of decoy states. The rate of single-photon 
signals differ for each u, so Alice and Bob analyze separately the QBER of signal and decoy-state, since all 
characteristics of signal state and decoy-state are similar except u. The number of detection events from u, and 
Lg transmissions will be compared to give an estimation bounds of the single-photon transmitted on the 
channel. PNS attack will be caught because of the modification in the QBER of the system or transmittance 
characteristics of decoy states and/or signal states. Decoy states are fake states used only for catching an 
eavesdropper, but not for a key generation [23]. In decoy protocol, let’s assume that heavily attenuated laser 
pulses source contains a single photon with a 90% probability, then multi-photons with a probability of 10% 
generated randomly, the problem is not known when the multi-photon pulses have been emitted. Let the 
channel loss (£) equal to 90%, then it has a 10% yield (Q). 


Q=1-2 (1) 


By calculating the yield of decoy source, the eavesdropper can be detected. If attenuated laser pulses 
are used as a source in the QKD system, the fraction of multiphoton counts is called the fraction of tagged 
photons (A). It is a crucial value. Decoy-state protocol improved by Hwang [24] is an important method for 
the unconditional security of QKD with attenuated laser pulses to verify the upper bound of A. The verified 
upper bound of A in case of no eavesdropping is given by [25]. 


= bse Us 
AS pae Fa 2) 
By neglecting the pulses which had no light (uo = 0), A is given by: 
— Us Us ets Qa 2 
a ER Hd-us (i e#d Qs 1) (3) 


Where: 
A; = minimum value of tagged photon for the PNS attack. 
Q, = detection probability of signal pulses. 
_ no. of signal detections 
Qs ~ no. of signal states 
Q4 = detection probability of the decoy pulses. 
_ no. of decoy detections 
Qa ~ no. of decoy states 
The flowchart shown in Figure 2 represents decoy state protocol. 
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N= number of total random bits generated 


Generating random bits 
[bit (] 
Randomly select between 
Decoy bit and signal bit 


YES 


Use the signal state to generate Abort the transmission 
the Key (Apply 8884 protocol) (Eve exist) 


Figure 2. Block diagram of the BB84 protocol with decoy-state 


4. EXPERIMENTAL WORK AND RESULTS 

Figure 3 and Figure 4 show block diagram and experimental set up of our implemented QKD 
system based on the BB84 protocol. The transmitter side of the system has four laser diodes that are 
connected to personal computer (PC) through driver circuits. Trigger signals generated by PC, shown in 
Figure 5(a), fed driver circuits to generate an electrical signal that is used to operate each laser diode. 
Signal-states are emitted by running one laser diode randomly during one loop of program execution. 
The value of u in the system was controlled by reducing the intensity of the optical signal emitted from each 
laser diodes by using optical filters shown in Figure 5(b). Decoy-states (fake states) are produced by deriving 
two laser diodes concurrently, as shown in Figure 6. Decoy-states are interleaved randomly between the signal 
states within the four laser diodes operating loop of the system. The pulse duration for the electrical signal that 
is used to operate laser diodes was 200 ns at 11 kHz. The system was running with the BB84 protocol with and 
without decoy states. The numbers of total random bit generated from PC was equal to N = 30000. 
A comparison between these two cases was accomplished in order to detect a PNS attack. A program is 
written in MATLAB R2015a in order to analyze the results of the comparison. In this system, eavesdropping 
is checked for two types of decoy-states, 1-state decoy, i.e. (20%), and 4-states, i.e. (50%). For each type, two 
laser diodes were operated simultaneously. The beam splitter (PNS) was applied for all measurements. In the 
receiver side, for single-photon avalanche photodiode (APD) operating in Geiger mode, two excess voltage 
were used (Vz = 5 V and Vg = 7 V) at temperature -11 °C. Figure 7 shows the tests carried out for APD counts 
when one laser diode (LD) on (signal-states) Figure 7(a) and two LDs on (decoy-states) Figure 7(b). 
BB84 protocol including privacy amplification stages and error correction was applied to obtain the final key. 
Keys were extracted for QBER less than 15%. The tests are listed in the diagram shown in Figure 8. 
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Bob 


Alice 


Transmitter electronics 
Receiver electronics 


Figure 3. Quantum key distribution system for the BB84 protocol 


LD: laser diode, BS: beam splitter, PBS: polarizing beam splitter, APD: avalanche photodiode, 4/2: half-wave 
plate, and PC: personal computer. 
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Figure 5. PC signals and triggering signals for LD1: Figure 6. Decoy states pulses 


(a) PC signals and (b) firing pulse 
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Figure 7. Number of counts as a response for: (a) one LD on (signal states) and (b) two LDs on (decoy states) 


BB84 protocol BB84 protocol with decoy state 


Dark counts of APDs 
for Ve=5,7v 


Different values of 
Ve=5,7 v 


Detector counter circuit 


Different values of 


Ve=5,7 v Operating the system with (APD counts levels) 
different number of decoy state (dark counts, signal 
1. 50% counts, 
2. 20% Decoy signal counts) for 
various values of y & Ve 


Changing attenuation to 


Obtain different values of p. 


2 sheets No 
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1. With beam splitter 
(Eavesdropping) 
2. Without beam splitter 


Changing attenuation level 
1 sheet of 2 sheets of No glass 
glass glass 
1. With beam splitter (Eavesdropping) 
2. Without beam splitter 


Estimate the values of Y4 & Y, which are suitable to achieve the condition of security and detection of Eve 


Figure 8. Measurements and calculations block diagram 


Tables 1 and Table 2 show the average values of final key length with PNS attack for two voltage 
values Ve = 5 V, 7 V and without PNS attack for Ve= 5 V,7 V and for (u, = 0.24) by applying high 
attenuation on the transmitted signal and (u, = 0.794) with less attenuation respectively. The results give for 
20% and 50% decoy states.for high attenuation (u, = 0.24) the un appropriate to the system, while by using 
(ls = 0.794) secure keys have been obtained. 
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Table 1. Average values of the final key lengths with and without PNS attack for Vg = 5 V, 7 V and u, = 0.24 


V.IV Average final un attacked key length Average final attacked key length 
E 20% decoy states 50% decoy states 20% decoy states 50% decoy states 
5 83 65 76 46 
7 96 55 71 47 


Table 2. Average values of the final key lengths with and without PNS attack for Vg = 5 V,7 V and u,= 0.794 


5. 


V.IV Average final un attacked key length Average final attacked key length 
Ẹ 20% decoy states 50% decoy states 20% decoy states 50% decoy states 
5 125 82 104 64 
7 140 80 132 63 
CONCLUSIONS 


From our work the maximum average secure key length obtained was equal to 125 with 20 % decoy 


states and 82 with 50% decoy states which is considered to be short with maximum key length of 388 which 
was obtained from the same system by applying the BB84 protocol without decoy states. But the security of 
key is not guaranteed as far as the presence of Eve was not tested. The results obtained with, APD 
temperature = -11 °C and distance = 85 cm, the best values of u to give secure key with QBER < 15% 
satisfying A< Ai is (u, = 0.794) for both cases of using 20% and 50% decoy states with BB84 protocol with 
Ve=SV. 
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